
Archive for February, 2008

Ubuntu Gutsy comes with 1 live CD + 5 DVD repositories. You can update your system through the internet or do it locally with the DVD repositories.

taufanlubis@toshiba:~$ sudo apt-get update

Ign cdrom://Ubuntu 7.10 _Gutsy Gibbon_ – Release i386 (20071016) gutsy Release.gpg

Ign file: repo_gutsy/ Release.gpg

Ign cdrom://Ubuntu 7.10 _Gutsy Gibbon_ – Release i386 (20071016) gutsy/main Translation-en_US

Ign file: repo_gutsy/ Translation-en_US

Ign file: repo_gutsy/ Release

Ign cdrom://Ubuntu 7.10 _Gutsy Gibbon_ – Release i386 (20071016) gutsy/restricted Translation-en_US

Ign cdrom://Ubuntu 7.10 _Gutsy Gibbon_ – Release i386 (20071016) gutsy Release

Ign file: repo_gutsy/ Packages

Ign cdrom://Ubuntu 7.10 _Gutsy Gibbon_ – Release i386 (20071016) gutsy/main Packages

Ign cdrom://Ubuntu 7.10 _Gutsy Gibbon_ – Release i386 (20071016) gutsy/restricted Packages

Err cdrom://Ubuntu 7.10 _Gutsy Gibbon_ – Release i386 (20071016) gutsy/main Packages

Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update cannot be used to add new CD-ROMs

Err cdrom://Ubuntu 7.10 _Gutsy Gibbon_ – Release i386 (20071016) gutsy/restricted Packages

Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update cannot be used to add new CD-ROMs

Failed to fetch cdrom:[Ubuntu 7.10 _Gutsy Gibbon_ - Release i386 (20071016)]/dists/gutsy/main/binary-i386/Packages.gz Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update cannot be used to add new CD-ROMs

Failed to fetch cdrom:[Ubuntu 7.10 _Gutsy Gibbon_ - Release i386 (20071016)]/dists/gutsy/restricted/binary-i386/Packages.gz Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update cannot be used to add new CD-ROMs

Reading package lists… Done

E: Some index files failed to download, they have been ignored, or old ones used instead.

taufanlubis@toshiba:~$

If you want to use the DVD, you have to add it to Ubuntu Software Sources (System > Administration > Software Sources > Third party software > Add CD-ROM), or add it from the terminal with apt-cdrom:

taufanlubis@toshiba:~$ sudo apt-cdrom add

Using CD-ROM mount point /cdrom/

Unmounting CD-ROM

Waiting for disc…

Please insert a Disc in the drive and press enter

Mounting CD-ROM…

Identifying.. [1111f9ece2521f48b7e53afca36da188-2]

Scanning disc for index files..

Found 1 package indexes, 0 source indexes, 0 translation indexes and 0 signatures

Please provide a name for this Disc, such as ‘Debian 2.1r1 Disk 1′:

disk_repo1

Name: ‘disk_repo1′

This disc is called:

‘disk_repo1′

Reading Package Indexes… Done

Writing new source list

Source list entries for this disc are:

deb cdrom:[disk_repo1]/ gutsy main

Unmounting CD-ROM…

Repeat this process for the rest of the CDs in your set.

taufanlubis@toshiba:~$

taufanlubis@toshiba:~$ sudo apt-get update

Ign file: repo_gutsy/ Release.gpg

Ign file: repo_gutsy/ Translation-en_US

Ign file: repo_gutsy/ Release

Ign file: repo_gutsy/ Packages

Ign cdrom://Ubuntu 7.10 _Gutsy Gibbon_ – Release i386 (20071016) gutsy/main Translation-en_US

Ign cdrom://Ubuntu 7.10 _Gutsy Gibbon_ – Release i386 (20071016) gutsy/restricted Translation-en_US

Reading package lists… Done

taufanlubis@toshiba:~$


Tiger is a security program for Unix. It scans system configuration files, the file system, and user configuration files for possible security problems and reports them.

Tiger was developed by Texas A&M University (1994), updated by the Advanced Research Corporation (1999-2002), and further updated by Javier Fernandez-Sanguino (2001-2005).

Tiger is covered by the GNU General Public License (GPL).

Installation

From Ubuntu Linux terminal, type:

taufanlubis@toshiba:~$ sudo apt-get install tiger

Reading package lists… Done

Building dependency tree

Reading state information… Done

Recommended packages:

sendmail mail-transport-agent john chkrootkit

The following NEW packages will be installed:

tiger

0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.

Need to get 559kB of archives.

After unpacking 2863kB of additional disk space will be used.

Get:1 http://archive.ubuntu.com gutsy/universe tiger 1:3.2.1-37ubuntu1 [559kB]

Fetched 559kB in 48s (11.5kB/s)

Preconfiguring packages …

Selecting previously deselected package tiger.

(Reading database … 125037 files and directories currently installed.)

Unpacking tiger (from …/tiger_1%3a3.2.1-37ubuntu1_i386.deb) …

Setting up tiger (1:3.2.1-37ubuntu1) …

taufanlubis@toshiba:~$

 

How to run?

taufanlubis@toshiba:~$ sudo tiger

[sudo] password for taufanlubis:

Tiger UN*X security checking system

Developed by Texas A&M University, 1994

Updated by the Advanced Research Corporation, 1999-2002

Further updated by Javier Fernandez-Sanguino, 2001-2005

Covered by the GNU General Public License (GPL)

Configuring…

Will try to check using config for ‘i686′ running Linux 2.6.22-14-generic…

–CONFIG– [con005c] Using configuration files for Linux 2.6.22-14-generic. Using

configuration files for generic Linux 2.

Tiger security scripts *** 3.2.1, 2003.10.10.18.00 ***

06:37> Beginning security report for toshiba.

06:37> Starting file systems scans in background…

06:37> Checking password files…

06:37> Checking group files…

06:37> Checking user accounts…

06:37> Checking .rhosts files…

06:37> Checking .netrc files…

06:37> Checking ttytab, securetty, and login configuration files…

06:37> Checking PATH settings…

06:37> Checking anonymous ftp setup…

06:37> Checking mail aliases…

06:37> Checking cron entries…

06:37> Checking ‘inetd’ configuration…

06:37> Checking ‘tcpd’ configuration…

06:37> Checking ‘services’ configuration…

06:38> Checking NFS export entries…

06:38> Checking permissions and ownership of system files…

–CONFIG– [con010c] Filesystem ‘securityfs’ used by ‘securityfs’ is not recognised as a local filesystem

06:38> Checking for indications of break-in…

–CONFIG– [con010c] Filesystem ‘securityfs’ used by ‘securityfs’ is not recognised as a local filesystem

06:38> Performing rootkit checks…

06:38> Performing system specific checks…

06:42> Performing root directory checks…

06:42> Checking for secure backup devices…

06:42> Checking for the presence of log files…

06:42> Checking for the setting of user’s umask…

06:42> Checking for listening processes…

06:42> Checking SSHD’s configuration…

06:42> Checking the printers control file…

06:42> Checking ftpusers configuration…

06:42> Checking NTP configuration…

06:42> Waiting for filesystems scans to complete…

06:42> Filesystems scans completed…

06:42> Performing check of embedded pathnames…

06:42> Security report completed for toshiba.

Security report is in `/var/log/tiger/security.report.toshiba.080207-06:37′.

taufanlubis@toshiba:~$

 

Check the report

taufanlubis@toshiba:~$ sudo gedit /var/log/tiger/security.report.toshiba.080207-06:37

Security scripts *** 3.2.1, 2003.10.10.18.00 ***

Thu Feb 7 06:37:54 WIT 2008

06:37> Beginning security report for toshiba (i686 Linux 2.6.22-14-generic).

# Performing check of passwd files…

# Checking entries from /etc/passwd.

–WARN– [pass014w] Login (backup) is disabled, but has a valid shell.

–WARN– [pass014w] Login (bin) is disabled, but has a valid shell.

–WARN– [pass014w] Login (daemon) is disabled, but has a valid shell.

–WARN– [pass014w] Login (games) is disabled, but has a valid shell.

–WARN– [pass014w] Login (gnats) is disabled, but has a valid shell.

–WARN– [pass014w] Login (irc) is disabled, but has a valid shell.

–WARN– [pass014w] Login (list) is disabled, but has a valid shell.

–WARN– [pass014w] Login (lp) is disabled, but has a valid shell.

–WARN– [pass014w] Login (mail) is disabled, but has a valid shell.

–WARN– [pass014w] Login (man) is disabled, but has a valid shell.

–WARN– [pass014w] Login (news) is disabled, but has a valid shell.

–WARN– [pass014w] Login (nobody) is disabled, but has a valid shell.

–WARN– [pass014w] Login (proxy) is disabled, but has a valid shell.

–WARN– [pass015w] Login ID sync does not have a valid shell (/bin/sync).

–WARN– [pass014w] Login (sys) is disabled, but has a valid shell.

–WARN– [pass014w] Login (uucp) is disabled, but has a valid shell.

–WARN– [pass014w] Login (www-data) is disabled, but has a valid shell.

–WARN– [pass012w] Home directory /nonexistent exists multiple times (2) in

/etc/passwd.

–WARN– [pass006w] Integrity of password files questionable (/usr/sbin/pwck

-r).

# Performing check of group files…

# Performing check of user accounts…

# Checking accounts from /etc/passwd.

–WARN– [acc006w] Login ID gdm’s home directory (/var/lib/gdm) has group

`gdm’ write access.

–WARN– [acc022w] Login ID nobody home directory (/nonexistent) is not

accessible.

# Performing check of /etc/hosts.equiv and .rhosts files…

# Checking accounts from /etc/passwd…

# Performing check of .netrc files…

# Checking accounts from /etc/passwd…

# Performing common access checks for root (in /etc/default/login, /securetty, and /etc/ttytab…

–WARN– [root003w] Root user has message capability turned on.

# Performing check of PATH components…

–WARN– [path009w] /etc/profile does not export an initial setting for PATH.

# Only checking user ‘root’

# Performing check of anonymous FTP…

# Performing checks of mail aliases…

# Checking aliases from /etc/aliases.

# Performing check of `cron’ entries…

–WARN– [cron004w] Root crontab does not exist

–WARN– [cron005w] Use of cron is not restricted

# Performing check of ‘inetd’…

# Checking inetd entries from /etc/inetd.conf

# Performing check of services with tcp wrappers…

# Analysing inetd entries from /etc/inetd.conf

# Performing check of ‘services’ …

# Checking services from /etc/services.

–WARN– [inet003w] The port for service postgres is also assigned to service

postgresql.

–WARN– [inet003w] The port for service postgres is also assigned to service

postgresql.

–WARN– [inet003w] The port for service sane is also assigned to service

sane-port.

# Performing NFS exports check…

# Performing check of system file permissions…

# Checking for known intrusion signs…

# Testing for promiscuous interfaces with /bin/ip

# Testing for backdoors in inetd.conf

# Performing check of files in system mail spool…

# Performing check for rookits…

# Performing system specific checks…

# Performing checks for Linux/2…

# Checking for single user-mode password…

# Checking boot loader file permissions…

–WARN– [boot02] The configuration file /boot/grub/menu.lst has group

permissions. Should be 0600

–FAIL– [boot02] The configuration file /boot/grub/menu.lst has world

permissions. Should be 0600

–WARN– [boot06] The Grub bootloader does not have a password configured.

# Checking for vulnerabilities in inittab configuration…

# Checking for correct umask settings for init scripts…

–WARN– [misc021w] There are no umask entries in /etc/init.d/rcS

# Checking Logins not used on the system …

# Checking network configuration

–WARN– [lin012w] The system accepts ICMP redirection messages

–FAIL– [lin013f] The system is not protected against Syn flooding attacks

–FAIL– [lin014f] The system permits the transmission of IP packets with

invalid addresses

–FAIL– [lin016f] The system permits source routing from incoming packets

–WARN– [lin017w] The system is not configured to log suspicious (martian)

packets

–FAIL– [lin019f] The system does not have any local firewall rules

configured

# Verifying system specific password checks…

# Checking OS release…

–WARN– [osv004w] Unreleased Debian GNU/Linux version `lenny/sid’

# Checking installed packages vs Debian Security Advisories…

# Checking md5sums of installed files

–FAIL– [lin005f] Installed file

`/usr/share/alsa/cards/SI7018/sndoc-mixer.alisp’ checksum differs

from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file

`/usr/share/alsa/cards/SI7018/sndop-mixer.alisp’ checksum differs

from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/share/alsa/cards/PC-Speaker.conf’

checksum differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/share/alsa/cards/PMac.conf’ checksum

differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/share/alsa/cards/PMacToonie.conf’

checksum differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/share/alsa/pcm/dmix.conf’ checksum

differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/share/alsa/pcm/dsnoop.conf’ checksum

differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/share/alsa/sndo-mixer.alisp’ checksum

differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/share/alsa/smixer.conf’ checksum

differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file `/usr/lib/libasound.so.2.0.0′ checksum

differs from installed package ‘libasound2′.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.pcimap’ checksum differs from

installed package ‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file `/lib/modules/2.6.22-14-generic/modules.dep’

checksum differs from installed package

‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.ieee1394map’ checksum differs

from installed package ‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.usbmap’ checksum differs from

installed package ‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.isapnpmap’ checksum differs

from installed package ‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.inputmap’ checksum differs

from installed package ‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.seriomap’ checksum differs

from installed package ‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.alias’ checksum differs from

installed package ‘linux-image-2.6.22-14-generic’.

–FAIL– [lin005f] Installed file

`/lib/modules/2.6.22-14-generic/modules.symbols’ checksum differs

from installed package ‘linux-image-2.6.22-14-generic’.

# Checking installed files against packages…

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd-pcm.ko’ does

not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/seq/snd-seq-device.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/seq/oss/snd-seq-oss.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/seq/snd-seq.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/seq/snd-seq-midi-event.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd-hwdep.ko’ does

not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/oss/snd-pcm-oss.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/oss/snd-mixer-oss.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd-timer.ko’ does

not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd.ko’ does not

belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd-rtctimer.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/acore/snd-page-alloc.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/kernel/sound/pci/hda/snd-hda-intel.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/misc/vboxdrv.ko’ does

not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/volatile/nvidia_new.ko’ does not

belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/volatile/nvidia_legacy.ko’ does not

belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/nvidia.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fxusb.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fwlanusb.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fglrx.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcusb.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcpci.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdslusba.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdslusb2.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdslusb.ko’

does not belong to any package.

–WARN– [lin001w] File

`/lib/modules/2.6.22-14-generic/volatile/fcdslslusb.ko’ does not

belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdslsl.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdsl2.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/fcdsl.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/ath_hal.ko’

does not belong to any package.

–WARN– [lin001w] File `/lib/modules/2.6.22-14-generic/volatile/.mounted’

does not belong to any package.

–WARN– [lin001w] File `/usr/bin/aserver’ does not belong to any package.

# Performing check of root directory…

# Checking device permissions…

–FAIL– [dev002f] /dev/log has world permissions

–WARN– [dev003w] File /dev/sndstat is a regular file in a device directory.

# Checking for existence of log files…

–FAIL– [logf005f] Log file /var/log/btmp permission should be 660

# Checking for correct umask settings…

# Checking listening processes

–WARN– [lin003w] The process `avahi-daemon’ is listening on socket 32768

(UDP on every interface) is run by avahi.

–WARN– [lin003w] The process `avahi-daemon’ is listening on socket 5353 (UDP

on every interface) is run by avahi.

# Checking sshd_config configuration files…

–FAIL– [ssh005w] Cannot find a configuration file for SSH.

# Performing common access checks for root…

–FAIL– [netw020f] There is no /etc/ftpusers file.

# Checking ntpd configuration…

# Checking unusual file names…

# Looking for unusual device files…

–ALERT– [fsys006a] Unexpected device files found:

crw------- 1 root root 5, 1 Oct 16 06:18 /lib/udev/devices/console

crw-r----- 1 root kmem 1, 2 Oct 16 06:18 /lib/udev/devices/kmem

brw------- 1 root root 7, 0 Oct 16 06:18 /lib/udev/devices/loop0

crw------- 1 root root 10, 200 Oct 16 06:18 /lib/udev/devices/net/tun

crw------- 1 root root 1, 3 Oct 16 06:18 /lib/udev/devices/null

crw------- 1 root root 108, 0 Oct 16 06:18 /lib/udev/devices/ppp

lrwxrwxrwx 1 root root 15 Feb 2 17:28 /lib/udev/devices/stderr -> /proc/self/fd/2

# Checking symbolic links…

# Performing check of embedded pathnames…

06:42> Security report completed for toshiba.
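
A report this long is easier to triage once the findings are grouped by severity and message ID. The following Python sketch is an added example, not part of Tiger or of the original post: it parses the report format shown above, rejoins wrapped lines, and ranks ALERT and FAIL entries first. The function names and the sample (lines copied from the report above) are this example's own.

```python
import re
from collections import Counter

# A finding looks like "--WARN-- [pass014w] message". The report as shown on
# this page has "--" rendered as an en dash, so both spellings are accepted.
FINDING = re.compile(
    r"^(?:--|\u2013)(?P<sev>[A-Z]+)(?:--|\u2013)\s+\[(?P<id>[^\]]+)\]\s*(?P<msg>.*)$")
TIMESTAMP = re.compile(r"^\d\d:\d\d>")
RANK = {"ALERT": 0, "FAIL": 1, "WARN": 2}  # any other severity sorts last

# Lines copied from the report above (a subset that includes wrapped lines).
TIGER_SAMPLE = """\
# Checking entries from /etc/passwd.
--WARN-- [pass014w] Login (backup) is disabled, but has a valid shell.
--WARN-- [pass014w] Login (bin) is disabled, but has a valid shell.
# Checking boot loader file permissions…
--WARN-- [boot02] The configuration file /boot/grub/menu.lst has group
permissions. Should be 0600
--FAIL-- [boot02] The configuration file /boot/grub/menu.lst has world
permissions. Should be 0600
# Checking network configuration
–FAIL– [lin013f] The system is not protected against Syn flooding attacks
--FAIL-- [lin016f] The system permits source routing from incoming packets
--FAIL-- [lin019f] The system does not have any local firewall rules
configured
06:42> Security report completed for toshiba.
"""

def parse_report(text):
    """Return one dict per finding, with wrapped lines joined to the message."""
    findings, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines carry no information
        if line.startswith("#"):
            # "# Checking ..." lines name the check that produced what follows.
            section = line.lstrip("# ").rstrip(".\u2026 ")
            current = None
        elif TIMESTAMP.match(line):
            current = None  # progress line, not part of any finding
        else:
            m = FINDING.match(line)
            if m:
                current = {"severity": m["sev"], "id": m["id"],
                           "message": m["msg"], "section": section}
                findings.append(current)
            elif current is not None:
                current["message"] += " " + line  # continuation of a wrapped line
    return findings

def summarize(findings):
    """Count findings per severity and per (severity, id), worst first."""
    totals = Counter(f["severity"] for f in findings)
    per_id = Counter((f["severity"], f["id"]) for f in findings)
    ranked = sorted(per_id.items(),
                    key=lambda kv: (RANK.get(kv[0][0], 9), -kv[1], kv[0][1]))
    return totals, ranked

if __name__ == "__main__":
    totals, ranked = summarize(parse_report(TIGER_SAMPLE))
    print(dict(totals))
    for (sev, msg_id), count in ranked:
        print(f"{sev:5} {msg_id:9} x{count}")
```

To run it against a real report, read the file named in the "Security report is in" line and pass its contents to parse_report.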


What is chkrootkit?

It’s a program that checks your system for signs of a rootkit. And what is a rootkit?

A rootkit is a program, or a combination of programs, that someone uses to create a back door into your system and act with root privileges.

chkrootkit has 5 output messages:

  • INFECTED

  • not infected

  • not tested

  • not found

  • Vulnerable but disabled.

Installation

taufanlubis@toshiba:~$ sudo apt-get install chkrootkit

Reading package lists… Done

Building dependency tree

Reading state information… Done

The following NEW packages will be installed:

chkrootkit

0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.

Need to get 271kB of archives.

After unpacking 758kB of additional disk space will be used.

Get:1 http://archive.ubuntu.com gutsy/main chkrootkit 0.47-1.1 [271kB]

Fetched 271kB in 25s (10.5kB/s)

Preconfiguring packages …

Selecting previously deselected package chkrootkit.

(Reading database … 125405 files and directories currently installed.)

Unpacking chkrootkit (from …/chkrootkit_0.47-1.1_i386.deb) …

Setting up chkrootkit (0.47-1.1) …

taufanlubis@toshiba:~$


Run the program

taufanlubis@toshiba:~$ sudo chkrootkit

ROOTDIR is `/’

Checking `amd’… not found

Checking `basename’… not infected

Checking `biff’… not found

Checking `chfn’… not infected

Checking `chsh’… not infected

Checking `cron’… not infected

Checking `crontab’… not infected

Checking `date’… not infected

Checking `du’… not infected

Checking `dirname’… not infected

Checking `echo’… not infected

Checking `egrep’… not infected

Checking `env’… not infected

Checking `find’… not infected

Checking `fingerd’… not found

Checking `gpm’… not found

Checking `grep’… not infected

Checking `hdparm’… not infected

Checking `su’… not infected

Checking `ifconfig’… not infected

Checking `inetd’… not infected

Checking `inetdconf’… not infected

Checking `identd’… not found

Checking `init’… not infected

Checking `killall’… not infected

Checking `ldsopreload’… not infected

Checking `login’… not infected

Checking `ls’… not infected

Checking `lsof’… not infected

Checking `mail’… not found

Checking `mingetty’… not found

Checking `netstat’… not infected

Checking `named’… not found

Checking `passwd’… not infected

Checking `pidof’… not infected

Checking `pop2′… not found

Checking `pop3′… not found

Checking `ps’… not infected

Checking `pstree’… not infected

Checking `rpcinfo’… not infected

Checking `rlogind’… not found

Checking `rshd’… not found

Checking `slogin’… not infected

Checking `sendmail’… not found

Checking `sshd’… not found

Checking `syslogd’… not infected

Checking `tar’… not infected

Checking `tcpd’… not infected

Checking `tcpdump’… not infected

Checking `top’… not infected

Checking `telnetd’… not found

Checking `timed’… not found

Checking `traceroute’… not infected

Checking `vdir’… not infected

Checking `w’… not infected

Checking `write’… not infected

Checking `aliens’… no suspect files

Searching for sniffer’s logs, it may take a while… nothing found

Searching for HiDrootkit’s default dir… nothing found

Searching for t0rn’s default files and dirs… nothing found

Searching for t0rn’s v8 defaults… nothing found

Searching for Lion Worm default files and dirs… nothing found

Searching for RSHA’s default files and dir… nothing found

Searching for RH-Sharpe’s default files… nothing found

Searching for Ambient’s rootkit (ark) default files and dirs… nothing found

Searching for suspicious files and dirs, it may take a while…

/usr/lib/firefox/.autoreg

/usr/lib/jvm/.java-7-icedtea.jinfo

/usr/lib/blender/.Blanguages

/usr/lib/blender/.bfont.ttf

/lib/modules/2.6.22-14-generic/volatile/.mounted

 

Searching for LPD Worm files and dirs… nothing found

Searching for Ramen Worm files and dirs… nothing found

Searching for Maniac files and dirs… nothing found

Searching for RK17 files and dirs… nothing found

Searching for Ducoci rootkit… nothing found

Searching for Adore Worm… nothing found

Searching for ShitC Worm… nothing found

Searching for Omega Worm… nothing found

Searching for Sadmind/IIS Worm… nothing found

Searching for MonKit… nothing found

Searching for Showtee… nothing found

Searching for OpticKit… nothing found

Searching for T.R.K… nothing found

Searching for Mithra… nothing found

Searching for OBSD rk v1… /usr/lib/security

/usr/lib/security/classpath.security

Searching for LOC rootkit… nothing found

Searching for Romanian rootkit… nothing found

Searching for Suckit rootkit… nothing found

Searching for Volc rootkit… nothing found

Searching for Gold2 rootkit… nothing found

Searching for TC2 Worm default files and dirs… nothing found

Searching for Anonoying rootkit default files and dirs… nothing found

Searching for ZK rootkit default files and dirs… nothing found

Searching for ShKit rootkit default files and dirs… nothing found

Searching for AjaKit rootkit default files and dirs… nothing found

Searching for zaRwT rootkit default files and dirs… nothing found

Searching for Madalin rootkit default files… nothing found

Searching for Fu rootkit default files… nothing found

Searching for ESRK rootkit default files… nothing found

Searching for rootedoor… nothing found

Searching for ENYELKM rootkit default files… nothing found

Searching for anomalies in shell history files… nothing found

Checking `asp’… not infected

Checking `bindshell’… not infected

Checking `lkm’… chkproc: nothing detected

Checking `rexedcs’… not found

Checking `sniffer’… lo: not promisc and no packet sniffer sockets

eth0: PACKET SNIFFER(/sbin/dhclient3[6036], /usr/sbin/avahi-autoipd[5879])

Checking `w55808′… not infected

Checking `wted’… chkwtmp: nothing deleted

Checking `scalper’… not infected

Checking `slapper’… not infected

Checking `z2′… user taufanlubis deleted or never logged from lastlog!

taufanlubis@toshiba:~$
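
Most of this output is "not infected" or "nothing found", so the lines that need a second look are easy to miss. The following Python sketch is an added example, not part of chkrootkit or of the original post: it classifies each check by its result message and collects the ones that list files, report a packet sniffer, or print anything other than a known clean message. The status names, function names and sample are this example's own; the sample lines are copied from the run above, plus one constructed INFECTED line.

```python
import re

# "Checking `ls'... not infected" / "Searching for Adore Worm... nothing found".
# This page shows "…" where chkrootkit prints "...", so both are accepted.
LINE = re.compile(
    r"^(?:Checking|Searching for)\s+(?P<target>.+?)(?:\.\.\.|\u2026)\s*(?P<result>.*)$")
PROMPT = re.compile(r"^\S+@\S+:\S*\$")
CLEAN = ("not infected", "nothing found", "no suspect files", "nothing detected",
         "nothing deleted", "no packet sniffer sockets")
SKIPPED = ("not found", "not tested")  # the check did not run

# Lines copied from the run above.
CHKROOTKIT_SAMPLE = """\
ROOTDIR is `/'
Checking `amd'... not found
Checking `ls'... not infected
Searching for suspicious files and dirs, it may take a while...
/usr/lib/firefox/.autoreg
/lib/modules/2.6.22-14-generic/volatile/.mounted
Searching for Adore Worm... nothing found
Searching for OBSD rk v1... /usr/lib/security
/usr/lib/security/classpath.security
Checking `lkm'... chkproc: nothing detected
Checking `sniffer'… lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient3[6036], /usr/sbin/avahi-autoipd[5879])
Checking `z2'... user taufanlubis deleted or never logged from lastlog!
"""
# Constructed line (not from the page) so that the INFECTED branch is exercised.
CHKROOTKIT_SAMPLE += "Checking `bindshell'... INFECTED (PORTS: 465)\n"

def classify(result, details):
    """Map a result message plus any continuation lines to a status."""
    if "INFECTED" in result:
        return "infected"
    if "Vulnerable but disabled" in result:
        return "vulnerable"
    if details:
        return "review"  # the check listed files, interfaces or processes
    if any(s in result for s in SKIPPED):
        return "skipped"
    if not result or any(s in result for s in CLEAN):
        return "clean"  # assumption: an empty result with no listing is clean
    return "review"     # unrecognised message: let a person read it

def parse_chkrootkit(text):
    """Return one dict per check: target, result, details, status."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or PROMPT.match(line) or line.startswith("ROOTDIR"):
            continue
        m = LINE.match(line)
        if m:
            entries.append({"target": m["target"].strip("`'\u2019\u2032 "),
                            "result": m["result"], "details": []})
        elif entries:
            entries[-1]["details"].append(line)  # belongs to the previous check
    for e in entries:
        e["status"] = classify(e["result"], e["details"])
    return entries

def needs_attention(entries):
    return [e for e in entries if e["status"] in ("infected", "vulnerable", "review")]

if __name__ == "__main__":
    for e in needs_attention(parse_chkrootkit(CHKROOTKIT_SAMPLE)):
        print(e["status"], "|", e["target"], "|", e["result"], *e["details"])
```

A "review" status is not a verdict: it marks a line a person should read, such as the dotfiles under /usr/lib or the processes holding packet sockets on eth0.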
